Dell Unity: Nessus Full Safe Vulnerability Security Scan recommends disabling SSL/TLS CBC ciphers

Summary: Nessus Full Safe Vulnerability Security Scan recommends disabling specific SSL/TLS CBC ciphers on Unity. Currently, these ciphers cannot be disabled on Unity.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Security Article Type

Security KB

Issue Summary

Nessus Full Safe Vulnerability Security Scan recommends disabling specific SSL/TLS CBC ciphers.

Supported CBC ciphers on Unity can also be detected through nmap script "ssl-enum-ciphers" over port 443.

Details

After Unity with TLS 1.2 or higher is enabled, the Full Safe Vulnerability Security Scan may still report the following recommendations to remove CBC ciphers supported by Unity:

"The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones"

"The remote host has open SSL/TLS ports which advertise discouraged cipher suites"

"The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly"

CBC ciphers supported by Unity (OE 5.2.0.0.5.173) can also be detected using nmap script "ssl-enum-ciphers" over port 443:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Recommendations

Currently, CBC ciphers cannot be disabled on Unity arrays and no workaround is available.

Legal Disclaimer

Affected Products

Dell EMC Unity
Article Properties
Article Number: 000202982
Article Type: Security KB
Last Modified: 20 Jan 2026
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.